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The Line-Identification Option 


Abstract 


In Ethernet-based aggregation networks, several subscriber premises 
may be logically connected to the same interface of an Edge Router. 
This document proposes a method for the Edge Router to identify the 
subscriber premises using the contents of the received Router 
Solicitation messages. The applicability is limited to broadband 
network deployment scenarios in which multiple user ports are mapped 
to the same virtual interface on the Edge Router. 


Status of This Memo 
This is an Internet Standards Track document. 


This document is a product of the Internet Engineering Task Force 


(IETF). It represents the consensus of the IETF community. It has 
received public review and has been approved for publication by the 
Internet Engineering Steering Group (IESG). Further information on 


Internet Standards is available in Section 2 of RFC 5741. 
Information about the current status of this document, any errata, 


and how to provide feedback on it may be obtained at 
http://www.rfc-editor.org/info/rfc6788. 
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1. Introduction 


Digital Subscriber Line (DSL) is a widely deployed access technology 
for Broadband Access for Next Generation Networks. While traditional 
DSL access networks were Point-to-Point Protocol (PPP) [RFC1661] 
based, some networks are migrating from the traditional PPP access 
model into a pure IP-based Ethernet aggregated access environment. 
Architectural and topological models of an Ethernet aggregation 
network in the context of DSL aggregation are described in [TR101]. 


+----+  +----+ +---------—- + 
[Host |---| re |---| | 
+----+  +----+ | 
| AN [N 
+----+  +----+ | \ 
|Host |---| RG |----| ie 3 
+----+ +----+ toss -SSS5= + \ MS Sso-S + 
\ | | 
+------------—- + | | 
| Aggregation | | Edge | 
Network | Sawer TSF | Router | 
+------------—- + 
/ 
S + / +---------- + 
| |7 
+----+  +----+ | | / 
|Host |---| RG |----| AN | / 
+----+  +----+ 
+---------—- + 


Figure 1: Broadband Forum Network Architecture 
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T 


Tis 


One of the Ethernet and Gigabit-capable Passive Optical Network 
(GPON) aggregation models specified in this document bridges sessions 
from multiple user ports behind a DSL Access Node (AN), also referred 
to as a Digital Subscriber Line Access Multiplexer (DSLAM), into a 
single VLAN in the aggregation network. This is called the N:1 VLAN 
allocation model. 


+---------- + 
| AN | \ 
| A 
| | \ VLANx 
fesse elses + \ fo SSSeSHSs= + 
\ | | 
4+------------- + 
| Aggregation | VLANx Edge 
Network | SSASSRH | Router | 
+------------—- + | | 
/ | | 
+---------- + / Scere ee ees eet + 
/ VLANx 
/ 
| AN | / 
+---------- + 
Figure 2: n:1 VLAN model 
Terminology 

1:1 VLAN A broadband network deployment scenario in 
which each user port is mapped to a different 
VLAN on the Edge Router. The uniqueness of 
the mapping is maintained in the Access Node 
and across the aggregation network. 

N:1 VLAN A broadband network deployment scenario in 
which multiple user ports are mapped to the 
same VLAN on the Edge Router. The user ports 
may be located in the same or different Access 
Nodes. 

GPON Gigabit-capable Passive Optical Network is an 


optical access network that has been 
introduced into the Broadband Forum 
architecture in [TR156]. 
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AN A DSL or a GPON Access Node. The Access Node 
terminates the physical layer (e.g., DSL 
termination function or GPON termination 
function), may physically aggregate other 
nodes implementing such functionality, or may 
perform both functions at the same time. This 
node contains at least one standard Ethernet 
interface that serves as its "northbound" 
interface into which it aggregates traffic 
from several user ports or Ethernet-—based 
"southbound" interfaces. It does not 
implement an IPv6 stack but performs some 
limited inspection/modification of IPv6 
packets. The IPv6 functions required on the 
Access Node are described in Section 5 of 
[TR177]. 


Aggregation Network The part of the network stretching from the 
Access Nodes to the Edge Router. In the 
context of this document, the aggregation 
network is considered to be Ethernet based, 
providing standard Ethernet interfaces at the 
edges, for connecting the Access Nodes and the 
broadband network. It is comprised of 
Ethernet switches that provide very limited IP 
functionality (e.g., IGMP snooping, Multicast 
Listener Discovery (MLD) snooping, etc.). 


RG A residential gateway device. It can be a 
Layer-3 (routed) device or a Layer-2 (bridged) 
device. The residential gateway for Broadband 


Forum networks is defined in [TR124]. 


Edge Router The Edge Router, also known as the Broadband 
Network Gateway (BNG), is the first IPv6 hop 
for the user. In cases where the RG is 
bridged, the BNG acts as the default router 
for the hosts behind the RG. In cases where 
the RG is routed, the BNG acts as the default 
router for the RG itself. This node 
implements IPv6 router functionality. 


Host A node that implements IPv6é host 
functionality. 
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End-Device A node that sends Router Solicitations and 
processes received Router Advertisements. 
When a Layer-3 (L3) RG is used, it is 
considered an end-device in the context of 
this document. When a Layer-2 (L2) RG is 
used, the host behind the RG is considered to 
be an end-device in the context of this 
document. 


1.2. Conventions Used in This Document 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL","SHALL NOT", 
"SHOULD", “SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
document are to be interpreted as described in [RFC2119]. 


2. Applicability Statement 


The Line-Identification Option (LIO) is intended to be used only for 
the N:1 VLAN deployment model. For the other VLAN deployment models, 
line identification can be achieved differently. The mechanism 
described in this document allows the connection of hosts that only 
support IPv6é stateless address auto-configuration to attach to 
networks that use the N:1 VLAN deployment model. 


When the Dynamic Host Configuration Protocol (DHCP) [RFC3315] is used 
for IPv6 address assignment, it has the side-effect of providing end- 
device-initiated reliability as well as inactivity detection. The 
reliability is provided by the end-device continuing to retransmit 
DHCP messages until it receives a response), and inactivity is 
detected by the end-device not renewing its DHCP lease. The "IPv6 
Stateless Address Autoconfiguration" protocol [RFC4862] was not 
designed to satisfy such requirements [RSDA]. While this option 
improves the reliability of operation in deployments that use Router 
Solicitations rather than DHCP, there are some limitations as 
specified below. 


The mechanism described in this document deals with the loss of 
subscriber-originated Router Solicitations (RSes) by initiating RSes 
at the AN, which improves robustness over solely relying on the 
end-device’s few initial retransmissions of RSes. 


However, the AN retransmissions imply that some information (e.g., 
the subscriber’s MAC address) that was obtained by the Edge Router 
from subscriber-originated RSes may no longer be available. For 
example, since there is no L2 frame received from the subscriber in 
case of an RS sent by an AN, the L2-address information of the 
end-device cannot be determined. One piece of L2-address information 
currently used in some broadband networks is the MAC address. For 
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this reason, the solution described in this document is NOT 
RECOMMENDED for networks that require the MAC address of the endpoint 
for identification. 


There is no indication when a subscriber is no longer active. Thus, 
this protocol cannot be used to automatically reclaim resources, such 
as prefixes, that are associated with an active subscriber. See 
Section 8. Thus, this protocol is NOT RECOMMENDED for networks that 
require automatic notification when a subscriber is no longer active. 


This mechanism by itself provides no protection against the loss of 
RS-induced state in access routers that would lead to loss of IPv6 
connectivity for end-devices. Given that regular IPv6 hosts do not 
have RS retransmission behavior that would allow automatic recovery 
from such a failure, this mechanism SHOULD only be used in 
deployments employing N:1 VLANs. 


3. Issues with Identifying the Subscriber Premises in an N:1 VLAN Model 


In a DSL- or GPON-based fixed broadband network, IPv6 end-devices are 
connected to an AN. Today, these end-devices will typically send a 
Router Solicitation message to the Edge Router, to which the Edge 
Router responds with a Router Advertisement message. The Router 
Advertisement typically contains a prefix that the end-devices will 
use to automatically configure an IPv6 address. Upon sending the 
Router Solicitation message, the node connecting the end-device on 
the access circuit, typically an AN, forwards the RS to the Edge 
Router upstream over a switched network. In such Ethernet-—based 
aggregation networks, several subscriber premises may be connected to 
the same interface of an Edge Router (e.g., on the same VLAN). 
However, the Edge Router requires some information to identify the 
end-device on the circuit. To accomplish this, the AN needs to add 
line-identification information to the Router Solicitation message 
and forward this to the Edge Router. This is analogous to the case 
where DHCP is being used, and the line-identification information is 
inserted by a DHCP relay agent [RFC3315]. This document proposes a 
method for the Edge Router to identify the subscriber premises using 
the contents of the received Router Solicitation messages. Note that 
there might be several end-devices located on the same subscriber 
premises. 


4. Basic Operation 


This document uses a mechanism that tunnels Neighbor Discovery (ND) 
packets inside another IPv6 packet that uses a destination option 
(Line-ID option) to convey line-identification information as 
depicted in Figure 3. The use of the Line-ID option in any other 
IPv6 datagrams, including untunneled RS and RA messages, is not 
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defined by this document. The ND packets are left unmodified inside 
the encapsulating IPv6 packet. In particular, the Hop Limit field of 
the ND message is not decremented when the packet is being tunneled. 
This is because an ND message whose Hop Limit is not 255 will be 
discarded by the receiver of such messages, as described in Sections 
6.1.1 and 6.1.2 of [RFC4861]. 


| |<--------------- | 
| RA | | 
|<---------- | | 
| | | 
Figure 3: Basic Message Flow 
5. AN Behavior 
5.1. On Initialization 


On initialization, the AN MUST join the Al1-BBF-Access-Nodes 
multicast group on all its upstream interfaces towards the Edge 
Router. 


5.2. On Receiving a Router Solicitation from the End-Device 


When an end-device sends out a Router Solicitation, it is received by 
the AN. The AN identifies these messages by looking for ICMPv6 
messages (IPv6 Next Header value of 58) with ICMPv6 type 133. The AN 
intercepts and then tunnels the received Router Solicitation ina 
newly created IPv6 datagram with the Line-Identification Option 
(LIO). The AN forms a new IPv6 datagram whose payload is the 
received Router Solicitation message as described in [RFC2473], 
except that the Hop Limit field of the Router Solicitation message 
MUST NOT be decremented. If the AN has an IPv6 address, it MUST use 
this address in the Source Address field of the outer IPv6é datagram. 
Otherwise, the AN MUST copy the source address from the received 
Router Solicitation into the Source Address field of the outer IPv6 
datagram. The destination address of the outer IPv6 datagram MUST be 
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copied from the destination address of the tunneled RS. The AN MUST 
include a destination options header between the outer IPv6 header 
and the payload. It MUST insert an LIO destination option and set 
the Line ID field of the option to contain the circuit identifier 
corresponding to the logical access loop port of the AN from which 
the RS was initiated. 


5.3. On Receiving a Router Advertisement from the Edge Router 


When the Edge Router sends out a tunneled Router Advertisement in 
response to the RS, it is received by the AN. If there is an LIO 
present, the AN MUST use the line-identification data of the LIO to 
identify the subscriber agent circuit of the AN on which the RA 
should be sent. The AN MUST then remove the outer IPv6 header of 
this tunneled RA and multicast the inner packet (the original RA) on 
this specific subscriber circuit. 


5.3.1. Identifying Tunneled Router Advertisements 


The AN can identify tunneled RAs by installing filters based on the 
destination address (All1-BBF-Access-Nodes, which is a reserved 
link-local scoped multicast address) of the outer packets and the 
presence of a destination option header with an LIO destination 
option. 


5.4. On Detecting a Subscriber Circuit Coming Up 


RSes initiated by end-devices as described in Section 5.2 may be lost 
due to lack of connectivity between the AN and the end-device. To 
ensure that the end-device will receive an RA, the AN needs to 
trigger the sending of periodic RAs on the Edge Router. For this 
purpose, the AN needs to inform the Edge Router that a subscriber 
circuit has come up. Each time the AN detects that a subscriber 
circuit has come up, it MUST create a Router Solicitation message as 
described in Section 6.3.7 of [RFC4861]. It MUST use the unspecified 
address as the source address of this RS. It MUST then tunnel this 
RS towards the Edge Router as described in Section 5.2. 


In case there are connectivity issues between the AN and the Edge 
Router, the RSes initiated by the AN can be lost. The AN SHOULD 
continue retransmitting the Router Solicitations following the 
algorithm described in Section 5.6 for a given LIO until it receives 
an RA for that specific LIO. 
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5.5. On Detecting Edge Router Failure 


When the Edge Router reboots and loses state or is replaced by a new 
Edge Router, the AN will detect it using connectivity check 
mechanisms that are already in place in broadband networks (e.g., 
Bidirectional Forwarding Detection). When such Edge Router failure 
is detected, the AN needs to start transmitting RSes for each of its 
subscriber circuits that have come up, as described in Section 5.4. 


5.6. RS Retransmission Algorithm 


The AN SHOULD use the exponential backoff algorithm for retransmits 
that is described in Section 14 of [RFC3315] in order to continuously 
retransmit the Router Solicitations for a given LIO until a response 
is received for that specific LIO. The AN SHOULD use the following 
variables as input to the retransmission algorithm: 


Initial retransmission time (IRT) 1 Second 
Maximum retransmission time (MRT) 30 Seconds 
Maximum retransmission count (MRC) (0 
Maximum retransmission duration (MRD) (0) 


6. Edge Router Behavior 
6.1. On Receiving a Tunneled Router Solicitation from the AN 


When the Edge Router receives a tunneled Router Solicitation 
forwarded by the AN, it needs to check if there is an LIO destination 
option present in the outer datagram. The Edge Router can use the 
contents of the Line ID field to lookup the addressing information 
and policy that need to be applied to the line from which the Router 
Solicitation was received. The Edge Router MUST then process the 
inner RS message as specified in [RFC4861]. 


6.2. On Sending a Router Advertisement Towards the End-Device 


When the Edge Router sends out a Router Advertisement in response to 
a tunneled RS that included an LIO, it MUST tunnel the Router 
Advertisement in a newly created IPv6 datagram with the LIO as 
described below. First, the Edge Router creates the Router 
Advertisement message as described in Section 6.2.3 of [RFC4861]. 
The Edge Router MUST include a Prefix Information option in this RA 
that contains the prefix that corresponds to the received LIO. (The 
LIO from the received tunneled RS is usually passed on from the Edge 
Router to some form of provisioning system that returns the prefix to 
be included in the RA. It could e,g., be based on RADIUS.) Then, 
the Edge Router forms the new IPv6 datagram whose payload is the 
Router Advertisement message, as described in [RFC2473], except that 
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the Hop Limit field of the Router Advertisement message MUST NOT be 
decremented. The Edge router MUST use a link-local IPv6 address on 
the outgoing interface in the Source Address field of the outer IPv6 
datagram. The Edge Router MUST include a destination options header 
between the outer IPv6 header and the payload. It MUST insert an LIO 
and set the Line ID field of the option to contain the same value as 
that of the Line-ID option in the received RS. The IPv6 destination 
address of the inner RA MUST be set to the all-nodes multicast 
address. 


If the Source Address field of the received IPv6 datagram was not the 
unspecified address, the Edge Router MUST copy this address into the 
Destination Address field of the outer IPv6 datagram sent back 
towards the AN. The link-layer destination address of the outer IPv6 
datagram containing the outer IPv6 datagram MUST be resolved using 
regular Neighbor Discovery procedures. 


If the Source Address field of the received IPv6 datagram was the 
unspecified address, the destination address of the outer IPv6 
datagram MUST be set to the well-known link-local scope 
Al1-BBF-Access-Nodes multicast address (ff02::10). The link-layer 
destination address of the tunneled RA MUST be set to the unicast 
link-layer address of the AN that sent the tunneled Router 
Solicitation that is being responded to. 


The Edge Router MUST ensure that it does not transmit tunneled RAs 
whose size is larger than the MTU of the link between the Edge Router 
and the AN, which would require that the outer IPv6 datagram undergo 
fragmentation. This limitation is imposed because the AN may not be 
capable of handling the reassembly of such fragmented datagrams. 


6.3. Sending Periodic Unsolicited Router Advertisements Towards the 
End-Device 


After sending a tunneled Router Advertisement as specified in Section 
6.2 in response to a received RS, the Edge Router MUST store the 
mapping between the LIO and the prefixes contained in the Router 


Advertisement. It should then initiate periodic sending of 
unsolicited Router Advertisements as described in Section 6.2.3. of 
[RFC4861] . The Router Advertisements MUST be created and tunneled 


as described in Section 6.2. The Edge Router MAY stop sending Router 
Advertisements if it receives a notification from the AN that the 
subscriber circuit has gone down. This notification can be received 
out-of-band using a mechanism such as the Access Node Control 
Protocol (ANCP). Please consult Section 8 for more details. 
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7. Line-Identification Option (LIO) 


The Line-Identification Option (LIO) is a destination option that can 
be included in IPv6 datagrams that tunnel Router Solicitation and 
Router Advertisement messages. The use of the Line-ID option in any 
other IPv6 datagrams is not defined by this document. Multiple Line- 
ID destination options MUST NOT be present in the same IPv6 datagram. 
The LIO has no alignment requirement. 


(0 1 2 3 
r2 3 4S 6 T7 8 9 0-1 2 3 A4 Se T7 e 39. OOD 2-3-4 5 6 T0 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
| Option Type | Option Length | 
+-+-+-+-+-+-+-+-+-+-+++ +++ HHHH 
LineIDLen | Line ID... 
+-+-+-+-+-+-+-+-+-+-+-++ +++ HHHH 


Figure 4: Line-Identification Option Layout 
Option Type 


8-bit identifier of the type of option. The option identifier 
for the Line-Identification Option (0x8C) has been allocated by 
the IANA. 


Option Length 


8-bit unsigned integer. The length of the option (excluding the 
Option Type and Option Length fields). The value MUST be greater 
than 0. 


LineIDLen 


8-bit unsigned integer. The length of the Line ID field in 
number of octets. 


Line ID 


Variable-length data inserted by the AN describing the 
subscriber-agent circuit identifier corresponding to the logical 
access loop port of the AN from which the RS was initiated. The 
line identification MUST be unique across all the ANs that share 
a link to the Edge Router, e.g., one such line- identification 
scheme is described in Section 3.9 of [TR101]. The line 
identification should be encoded as specified in Section 7.1. 
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7.1. Encoding of the Line ID Field Content 


This IPv6 Destination option is derived from an existing widely 
deployed DHCPv6 option [RFC4649], which is in turn derived from a 
widely deployed DHCPv4 option [RFC3046]. These options derive from 
and cite the basic DHCP options specification [RFC2132]. These 
widely deployed DHCP options use the Network Virtual Terminal (NVT) 
character set [RFC2132] [RFC0020]. Since the data carried in the 
Line-ID option is used in the same manner by the provisioning systems 
as the DHCP options, it is beneficial for it to maintain the same 
encoding as the DHCP options. 


The IPv6 Line ID option contains a description that identifies the 
line using only character positions (decimal 32 to decimal 126, 
inclusive) of the US-ASCII character set [X3.4] [RFC0020]. 
Consistent with [RFC2132], [RFC3046], and [RFC4649], the Line ID 
field SHOULD NOT contain the US-ASCII NUL character (decimal 0). 
However, implementations receiving this option MUST NOT fail merely 
because an ASCII NUL character is (erroneously) present in the Line 
ID field. 


Some existing widely deployed implementations of Edge Routers and ANs 
that support the previously mentioned DHCP option only support 
US-ASCII and strip the high-order bit from any 8-bit characters 
entered by the device operator. The previously mentioned DHCP 
options do not support 8-bit character sets either. Therefore, for 
compatibility with the installed base and to maximize 
interoperability, the high-order bit of each octet in this field MUST 
be set to zero by any device inserting this option in an IPv6 packet. 


Consistent with [RFC3046] and [RFC4649], this option always uses 
binary comparison. Therefore, two Line IDs MUST be equal when they 
match when compared byte-by-byte. Line-ID A and Line-ID B match 
byte-by-byte when (1) A and B have the same number of bytes, and (2) 
for all byte indexes P in A: the value of A at index P has the same 
binary value as the value of B at index P. 


Two Line IDs MUST NOT be equal if they do not match byte-by-byte. 
For example, an IPv6 Line-ID option containing "f123" is not equal to 


a Line-ID option "F123". 


Intermediate systems MUST NOT alter the contents of the Line ID. 
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8. 


10. 


dies 


T2 


Garbage Collection of Unused Prefixes 


Following the mechanism described in this document, the broadband 
network associates a prefix to a subscriber line based on the LIO. 
Even when the subscriber line goes down temporarily, this prefix 
stays allocated to that specific subscriber line, i.e., the prefix is 
not returned to the unused pool. When a subscriber line no longer 
needs a prefix, the prefix can be reclaimed by manual action 
dissociating the prefix from the LIO in the backend systems. 


Interactions with Secure Neighbor Discovery 


Since the RS/RA packets that are protected by the "SEcure Neighbor 
Discovery (SEND)" [RFC3971] are not modified in any way by the 
mechanism described in this document, there are no issues with SEND 
verification. 
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Security Considerations 


The line identification information inserted by the AN or the Edge 
Router is not protected. This means that this option may be 
modified, inserted, or deleted without being detected. In order to 
ensure validity of the contents of the Line ID field, the network 
between the AN and the Edge Router needs to be trusted. 


IANA Considerations 
This document defines a new IPv6 destination option for carrying line 
identification. IANA has assigned the following new destination 
option type in the "Destination Options and Hop-by-Hop Options" 
registry maintained at 
<http://www.iana.org/assignments/ipv6-parameters>: 


Ox8C Line-Identification Option [RFC6788] 


The act bits for this option are 10 and the chg bit is 0. 
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Per this document, IANA has also allocated the following well-known 
link-local scope multicast address from the "IPv6é Multicast Address 
Space Registry" located at 
<http://www.iana.org/assignments/ipv6—-multicast-—addresses/>: 


FFO2:0:0:0:0:0:0:10 All-BBF-Access-Nodes [RFC6788] 
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